CVE-2025-59540
Chamilo: Stored Cross-Site Scripting (XSS) in Chamilo LMS Exercise Feedback
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of higher-privileged admin users. The issue arises because feedback input in the exercise history page is not properly encoded before rendering, allowing malicious scripts to persist in the database and execute on view. This issue has been patched in version 1.11.34.
| CWE | CWE-80, CWE-79 |
| Vendor | chamilo |
| Product | chamilo-lms |
| Published | Mar 6, 2026 |
| Last Updated | Mar 6, 2026 |
Affected Versions
chamilo / chamilo-lms
< 1.11.34